ModSecurity in Shared Hosting
ModSecurity comes standard with all shared hosting packages that we offer and it'll be turned on automatically for any domain or subdomain you add/create within your Hepsia hosting Control Panel. The firewall has 3 different modes, so you can switch on and deactivate it with just a mouse click or set it to detection mode, so it shall maintain a log of all attacks, but it'll not do anything to stop them. The log for each of your Internet sites shall contain in-depth info such as the nature of the attack, where it originated from, what action was taken by ModSecurity, and so forth. The firewall rules we use are frequently updated and incorporate both commercial ones we get from a third-party security firm and custom ones our system admins include in case that they detect a new kind of attacks. That way, the websites that you host here shall be a lot more protected with no action needed on your end.
ModSecurity in Semi-dedicated Hosting
All semi-dedicated hosting packages that we offer feature ModSecurity and because the firewall is switched on by default, any Internet site which you build under a domain or a subdomain shall be protected right away. A separate section within the Hepsia Control Panel which comes with the semi-dedicated accounts is dedicated to ModSecurity and it'll allow you to start and stop the firewall for any Internet site or activate a detection mode. With the latter, ModSecurity shall not take any action, but it'll still recognize possible attacks and shall keep all information inside a log as if it were 100% active. The logs can be found inside the very same section of the CP and they include info about the IP where an attack came from, what its nature was, what rule ModSecurity applies to identify and stop it, etc. The security rules that we use on our servers are a mix between commercial ones from a security company and custom ones developed by our system admins. As a result, we offer higher security for your web applications as we can defend them from attacks before security companies release updates for new threats.
ModSecurity in VPS
Safety is very important to us, so we set up ModSecurity on all virtual private servers which are made available with the Hepsia CP as a standard. The firewall could be managed through a dedicated section in Hepsia and is turned on automatically when you include a new domain or generate a subdomain, so you won't need to do anything manually. You'll also be able to disable it or switch on the so-called detection mode, so it shall keep a log of potential attacks that you can later analyze, but shall not block them. The logs in both passive and active modes contain information about the form of the attack and how it was prevented, what IP address it came from and other important info that might help you to tighten the security of your sites by updating them or blocking IPs, for instance. In addition to the commercial rules we get for ModSecurity from a third-party security enterprise, we also implement our own rules because occasionally we detect specific attacks that are not yet present within the commercial pack. This way, we can improve the security of your VPS immediately as opposed to awaiting an official update.
ModSecurity in Dedicated Hosting
All of our dedicated servers which are installed with the Hepsia hosting CP feature ModSecurity, so any program you upload or set up will be properly secured from the very beginning and you will not need to worry about common attacks or vulnerabilities. An independent section within Hepsia will enable you to start or stop the firewall for every domain or subdomain, or switch on a detection mode so that it records info about intrusions, but does not take actions to prevent them. What you'll find in the logs can easily allow you to to secure your websites better - the IP an attack originated from, what website was attacked and in what way, what ModSecurity rule was triggered, etcetera. With this information, you can see whether an Internet site needs an update, whether you ought to block IPs from accessing your web server, and so forth. Aside from the third-party commercial security rules for ModSecurity we use, our admins include custom ones too if they discover a new threat that's not yet included in the commercial bundle.